Enable MFA for Quicksight users not in IAM

Looking for the simplest way to enable MFA / 2FA for account users that were not set up in IAM, but registered strictly on the Quicksight portal. Quicksight is the only AWS service they need access to.
We also cannot use AD or any external federation.
Do all of the current accounts need to be recreated in IAM and use API calls to port over all their permissions for dashboards, datasets, etc. to ensure the correct access for each user? -Sounds like a complicated process just to get the benefit of MFA, but that is the goal. Any help appreciated as pretty new to AWS and Quicksight. Thank you!

There are limitations to setting up MFA with Quicksight.

However, you can look into this.

To get a full picture of MFA with Quicksight, this outlines all you’ll need to know.

1 Like

@Max Yes, thank you. As you said, there appear to be limitations. There just doesn’t seem to be a way to enable MFA on a Quicksight user account unless it was set up with IAM originally. The difficulty then, is recreating hundreds of accounts in IAM with all the same dashboard access and account permissions that were setup previously in a non-IAM account.

1 Like